Firewalla Gold setup with Ubiquiti Dream Machine SE
I recently set up a UniFi system in my home. My current setup is as follows:
Internet -> FW Gold (Router Mode) -> UDM SE -> All Devices
The issue I have with this setup is I cannot VPN in to my NAS using WireGuard. What is the proper setup for FWG with UniFi?
-
Are you running UDM-SE in router mode as well?
If you want to keep both UDM and Firewalla, one other deployment is
ISP -> UDM-SE (router mode) -> Firewalla in Bridge mode -> All devices
There are limitations in bridge mode, but it will avoid problems from multiple routers in your network. See https://help.firewalla.com/hc/en-us/articles/1500012304202-Firewalla-Transparent-Bridge-Mode
-
I had the same issue when I got my Firewalla Gold. I initially had it all set up in bridge mode but really wanted to use some of the other features not available in bridge mode. So after scouring the internet I found a solution from Lawrence Systems. Since it is not possible to put the UDM into bridge mode and bypass its firewall or routing features, this works to make the UDM think it's at the top of the network when it's really behind Firewalla.
I have a few cameras, lights, doorbell and APs all in the UniFi ecosystem and wanted to keep all of that intact.
The solution I found to make it all work tricks the UDM into thinking it’s connecting to the WAN but then you give it an address inside your LAN.
Basically you configure the Firewalla to have two networks. LAN1 is the main network that all your devices live on, and LAN2 is set up to give your UDM a dummy WAN connection on its WAN port. Without a connection to its WAN port the UDM will just complain that it needs a connection to the internet.
For LAN1, set the range of addresses from .2 to .254 (this is important and you'll soon see why). Plug the cable from Firewalla for LAN1 into any port other than the WAN ports on the UDM.
Set up LAN2 on Firewalla and give it any IP range. Plug this cable into the Firewalla on the proper port for LAN2 and into the UDM WAN port.
Then on the UDM you assign the gateway address (its IP address) to the .1 address that is not in Firewalla's LAN1 range (I told you it was important!). Also, on the UDM you need to turn off DHCP so Firewalla is the only device handing out addresses on your network.
Your UDM will be happy it’s connected to the internet but will actually be operating on LAN1 so it can control your UniFi gear. It will also still be available over the internet for management because it has a connection via the WAN port.
This video does a way better job of explaining how to do this and was what worked for me.
https://www.youtube.com/watch?v=Omm2pQUJO0o
Hope that helps!
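An added sanity check for the two-network plan described in this reply (example code, not from the thread, Firewalla or Ubiquiti). The thread only gives the .2-.254 pool and the .1 UDM address; the subnet values below are constructed, and the checks encode the constraints the reply relies on: LAN2 must not overlap LAN1, the UDM's address must sit in LAN1 but outside the DHCP pool, and the UDM's own DHCP server must be off.

```python
"""Consistency check for the Firewalla LAN1/LAN2 + UDM addressing plan."""
import ipaddress


def check_plan(lan1_cidr, lan1_pool, lan2_cidr, udm_lan_ip, udm_dhcp_enabled):
    """Return a list of problems found in the plan (empty list == consistent)."""
    problems = []
    lan1 = ipaddress.ip_network(lan1_cidr, strict=False)
    lan2 = ipaddress.ip_network(lan2_cidr, strict=False)
    pool_start, pool_end = (ipaddress.ip_address(a) for a in lan1_pool)
    udm_ip = ipaddress.ip_address(udm_lan_ip)

    # The dummy WAN segment (LAN2) must be a different prefix from the real
    # LAN, or the UDM ends up routing between two copies of the same network.
    if lan1.overlaps(lan2):
        problems.append(f"LAN2 {lan2} overlaps LAN1 {lan1}")

    # The Firewalla DHCP pool must lie inside LAN1 and be well-ordered.
    if pool_start not in lan1 or pool_end not in lan1 or pool_start > pool_end:
        problems.append(f"DHCP pool {pool_start}-{pool_end} is not inside {lan1}")

    # The UDM's static address must be in LAN1 (so it can reach the UniFi
    # gear) but outside the pool, so Firewalla never leases it to a client.
    if udm_ip not in lan1:
        problems.append(f"UDM address {udm_ip} is not inside LAN1 {lan1}")
    elif pool_start <= udm_ip <= pool_end:
        problems.append(f"UDM address {udm_ip} lies inside the DHCP pool "
                        f"{pool_start}-{pool_end}")

    # Only Firewalla may serve DHCP on LAN1; a second server would hand out
    # the UDM as gateway to some clients and split the network.
    if udm_dhcp_enabled:
        problems.append("UDM DHCP server must be disabled on LAN1")
    return problems


if __name__ == "__main__":
    # Constructed example values (not from the thread).
    plan = dict(lan1_cidr="192.168.1.0/24",
                lan1_pool=("192.168.1.2", "192.168.1.254"),
                lan2_cidr="192.168.250.0/24",
                udm_lan_ip="192.168.1.1",
                udm_dhcp_enabled=False)
    issues = check_plan(**plan)
    print("plan OK" if not issues else "\n".join(issues))
```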